80% of Spam Originating from Home PCs

The majority of spam -- as much as 80 per cent of all unsolicited marketing messages sent -- now emanates from residential ISP networks and home user PCs. This is due to the proliferation of spam trojans, bits of surreptitious malware code embedded in residential subscriber PCs by worms and spyware programs. Worm attacks are growing in frequency because they provide a fast means of infecting a vast number of computers with spam trojans in a very short period of time. It's no surprise that many service providers report an upsurge in spam traffic immediately following a worm attack. more

At the Moment, No One Governs the Internet

What's remarkable about this moment is that the hot potato of DNS standard-setting is still up in the air. The US government didn't want to appear to be in charge, and wanted to convince European governments that it wasn't in charge, and so it created (or called for the creation of) ICANN. ICANN was designed to keep other governments at bay. ICANN has, however, no particular delegated power beyond that accorded to it by the contracts it has signed with registries and registrars. In fact, it can't have more power than that, because if it pretends to be a regulatory agency it should be complying with the APA -- and if it pretends to be a regulator its private nature probably violates US law in a number of respects. more

The Criminals Behind WannaCry

359,000 computers infected, dozens of nations affected world-wide! A worm exploiting a Windows OS vulnerability that looks to the network for more computers to infect! This is the most pernicious, evil, dangerous attack, ever... Queue the gnashing of teeth and hand-wringing! Wait, what? WannaCry isn't unprecedented! Why would any professional in the field think so? I'm talking about Code Red, and it happened in July, 2001. more

ICANN Sacrifices Privacy for Shot at Independence

Late last month, ICANN took a major step toward addressing some ongoing concerns by signing a new agreement with the U.S. government entitled the Joint Project Agreement (JPA) heralded as a "dramatic step forward" for full management of the Internet's domain name system through a "multi-stakeholder model of consultation." ...While the Joint Project Agreement may indeed represent an important change, a closer examination of its terms suggest that there may be a hidden price tag behind ICANN newfound path toward independence -- the privacy of domain name registrants. more

You Paid to Join; You Can Leave Anytime

Once upon a time, around 1998-1999, three of us were hired by APEC-Tel to study "International Charging Arrangements for Internet Services". APEC-Tel is a regular meeting of Pacific-nation telecommunications ministers. The impetus of the study was their consternation that connection to the Internet was being charged (paid for) in an entirely new way. The template of the old telephone settlement scheme had been overthrown. Those wishing to connect to the Internet, which was centred in the United States, were being forced to lay lines across the Pacific, pay landing rights in the United States or Canada, and pay further to connect to the Internet at the nearest negotiated peering or transit point. more

Not So Private Thoughts at IETF 105

At IETF 105, held in Montreal at the end of July, the Technical Plenary part of the meeting had two speakers on the topic of privacy in today's Internet, Associate Professor Arvind Narayanan of Princeton University and Professor Stephen Bellovin of Colombia University. They were both quite disturbing talks in their distinct ways, and I'd like to share my impressions of these two presentations and then consider what privacy means for me in today's Internet. more

Zuccarini To Receive 30 Months in Prison

In a Press Release issued yesterday, February 26, 2004, it has been announced that Zuccarini (background here) will receive 30 months in prison for violating the Truth in Domain Names Act. At least two of the domain names mentioned in the press release, DINSEYLAND.COM and BOBTHEBIULDER.COM appear to have been registered by third parties and are pointing to pages of links... more

JET Open Letter to Microsoft

We, members of the JET (Joint Engineering Team), send this open letter to request Microsoft Corporation to implement IDN (Internationalized Domain Names) standards[1] in the next version of Internet Explorer. ...IDN is a critical enabling technology that will make the Internet more useable and attractive to the majority of the Chinese, Japanese and Korean population who do not use English in their daily life. In fact, IDN is mentioned as one of the Declaration of Action of the World Summit of Information Society (WSIS). To date, IDN registration has been launched in .cn, .jp, .kr, .tw and many other European country code top level domain as well as other generic top level domain names. More than 1 million IDNs have been registered since 2000. Most of the web browsers, such as Safari, Firefox and Opera have implemented IDN standards. This means that users can use IDN in these web browsers without additional applications or plug-ins... more

ICANN UDRP and Contract Disputes

When domain name conflicts between manufacturers and distributors rest on contractual disputes over the use of the trademark owners' marks, ICANN UDRP panels have frequently denied relief. See generally the cases cited and discussed in Western Holdings, LLC v. JPC Enterprise, LLC d/b/a Cutting Edge Fitness and d/b/a Strivectin SD Sales & Distribution, D2004-0426 (WIPO August 5, 2004) by Mark Partridge as sole panelist. The decision summarizes other ICANN UDRP decisions involving contractual disputes. For instance... more

With No Privacy Standards Who Knows Who Is Abusing The Whois Database

John Banks is a loan officer in New York. John's supervisor recently warned John about the potential number of bad loans he may be carrying as part of his portfolio. To dump some of the bad loans he might be carrying, John came up with a scheme. He pointed his web browser to www.whois.org and entered terms denoting disease or poor health such as 'cancer' and 'illness'. This query on the Internet's WHOIS database reported results of names and addresses of domain name owners who had developed websites devoted to providing information on certain serious illnesses. John compared these names and addresses with those in his portfolio of loans. For the matches, he canceled the loans and required immediate payment-in-full. more

The Highest Threat TLDs - Part 1

A domain name consists of two main elements: the second-level domain name to the left of the dot - often consisting of a brand name or relevant keywords - and the domain extension or top-level domain (TLD) to the right of the dot. Domain names form the key elements of the readable web addresses allowing users to access pages on the internet and also allowing the construction of email addresses. more

China’s MIIT Clarifies New Domain Name Regulations, Allays Concerns Over Government Interference

A recent clarification to draft domain name regulations by China's Ministry of Industry and Information Technology (MIIT) indicates greater engagement and openness with the domain name market, not a contraction as some had feared. Following the MIIT's announcement on March 25th 2016, the same Ministry issued a clarification on Wednesday March 30th stating that its new draft regulations will not affect any foreign enterprises or foreign websites from resolving in China. more

Google CEO Discusses Future of the Web and Enterprise Computing

Eric Schmidt, CEO of Google, was interviewed at Gartner Symposium on the future of the Web and enterprise computing. Eric said to about 5000 CIOs attending the event, that Chinese will soon be a dominant language on the net and broadband connections will be so fast that various forms of media -- such as radio and TV -- will be blurred. more

18 Million of the 22 Million Net Neutrality Comments Received by FCC in 2017 Were Fake

A multi-year investigation into 2017 net neutrality rulemaking finds 18 million fake comments were filed with the US Federal Communications Commission (FCC) and half a million fake letters were sent to Congress. more

“It’s Always DNS!” Why DNS Is the Biggest Single Point of Failure in the New Norm

Many in the network security field may be familiar with the phrase: "It's always DNS."  This is a popular meme within the industry, often making reference to the internal domain name system (DNS), the dynamic host configuration protocol (DHCP) part of a company's online network, that whenever there is a network issue, it's always an issue with DNS. more